Date:      Sun, 22 Jan 2006 13:46:42 -0700
From:      "darkstrumn@qwauulprime.hivenet.net" <darkstrumn@hivenet.net>
To:        freebsd-security@freebsd.org
Subject:   ASMTP setup  on 4.8 -- SOLVED!!!
Message-ID:  <43D3EF32.6050002@hivenet.net>

Hi Drew,

I came across your solution to an SASL problem where the system would 
not authenticate.

<snippet>
Note: As per discussions on the Postfix users mailing list, there is a
known issue in Postfix20020917/SASL2 where the smtpd_sasl_local_domain
option must be left to an empty (null) value, otherwise SASL2 will not
authenticate.

In /usr/local/etc/postfix/main.cf I had "smtpd_sasl_local_domain =
$myhostname" as shown in the various examples on the net.  Based on the
above, I changed it to "smtpd_sasl_local_domain =" and now it works.
</snippet>


In my attempts to correct the issue, your solution provided the nudge in 
the right direction. However, I believe the conclusion "a known issue in 
Postfix20020917/SASL2" is invalid.

Using your solution as a base, instead of issuing a
"saslpasswd2 -c -u domain user" (user is unable to authenticate)

I issue a
"saslpasswd2 -c -u hostname.domain user" (user is now able to authenticate)

where the hostname happens to be the hostname of the server, as that 
is the fully qualified $myhostname. To prove it, I changed 
"smtpd_sasl_local_domain = $myhostname" to "smtpd_sasl_local_domain = 
$mydomain" and the original user added via "saslpasswd2 -c -u domain 
user" is now able to authenticate using the credentials for that user.

So, by setting "smtpd_sasl_local_domain = " to (null) it allows users 
added using "saslpasswd2 -c user" to work, which I also tested.

Anyway, I'm writing you because I'm not on the newsgroups and cannot 
post my findings, but as you have, and had this issue once before... I 
figured you might post it. If you do not wish to, that's OK too; I just 
figured I would contribute to the community what I could.

Thanks for your time.
Dawayne
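
An added example, not part of the original message: a shell check for the mismatch described above, where the realm given to "saslpasswd2 -u" differs from the value of smtpd_sasl_local_domain. The function names, host names and the sample account listing are constructed for illustration.

```shell
#!/bin/sh
# Flag sasldb accounts whose realm differs from the realm Postfix is
# configured to use through smtpd_sasl_local_domain.

# Expand the two Postfix variables used in the message above.
# On a live host the inputs would come from
#   postconf -h smtpd_sasl_local_domain / myhostname / mydomain
expand_realm() {  # $1=configured value  $2=myhostname  $3=mydomain
    case "$1" in
        '$myhostname') printf '%s\n' "$2" ;;
        '$mydomain')   printf '%s\n' "$3" ;;
        *)             printf '%s\n' "$1" ;;
    esac
}

# Read sasldblistusers2 output ("user@realm: userPassword") on stdin and
# print every account whose realm is not the expected one.
mismatched_users() {  # $1=expected realm
    awk -v want="$1" '{
        entry = $1; sub(/:$/, "", entry)   # drop the trailing colon
        n = split(entry, part, "@")        # realm is the text after the last @
        if (n < 2) next
        if (part[n] != want) print entry
    }'
}

# Constructed sample listing: one account per realm style from the message.
SAMPLE_SASLDB='alice@example.net: userPassword
bob@mail.example.net: userPassword'

check_sample() {  # $1=configured smtpd_sasl_local_domain (constructed hosts)
    realm=$(expand_realm "$1" mail.example.net example.net)
    if [ -z "$realm" ]; then
        # Empty setting: the message reports that accounts added without -u work.
        echo "no realm configured"
        return 0
    fi
    printf '%s\n' "$SAMPLE_SASLDB" | mismatched_users "$realm"
}

check_sample '$myhostname'
```

On a real server, pipe the output of sasldblistusers2 into mismatched_users with the expanded realm; any account it prints needs to be re-created with a matching "-u" value or the Postfix setting changed.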


